Google Play may get its own built-in virus scanner

Teardown of Google Play APK shows source code for malware detection.

Android users may soon have a reason to rejoice, as it appears Google may actually be working on a built-in malware scanner for its Google Play store. The Android Police, an Android enthusiast blog, has done a full APK teardown of the Google Play store update, which the blog notes has just been updated to 3.9.16.

The update includes a string file with source code for something called "App Check." It will essentially enable Google to not only inspect the applications that a user has already downloaded from the Play store, but also warn users if they’re downloading something that looks potentially malicious, with the option to install the app regardless of the warning. There is also artwork included in the string that shows the potential notification icons that could crop up if malware is detected.

The Android Police says that this is a lot like Bouncer, a server-side scanner that Google unveiled in February, which checks each app submitted to the store for traces of known malware. However, this particular feature looks like it will be a "virus scanner" that will be a part of the Android operating system.

25 Reader Comments

Google already scans applications before they appear in the Play Store. How does scanning them *again*, and on every phone on the planet, help at all? (Instead, it may make the Play Store application even slower and consume resources on billions of phones.) But surely Google isn't crazy; can someone explain this to me?

(As to certification, they are not going to do that on our phones either, so I don't see why they can't just keep scanning for malware on their Play Store servers.)

I'm intrigued. As noted before, Google already scans apps in the Play store and does as good a job as anyone else there. (There are problems with poor copies flooding the Google Market, but not with malware.) The issue seems to be side-loaded apps. So, how many "ordinary" people actually side-load apps?

I have little sympathy for people who download cracked apps, and these would seem to be the people "at risk" from traditional android malware.

Perhaps this is necessary for marketing reasons - you have to protect the pirates because otherwise they give you a reputation for malware?

The first worms, network-borne infectious programs, originated not on personal computers, but on multitasking Unix systems.

The unix servers in our datacenter are under constant attack. At times our security software is literally blocking attacks several times *every second*. And a handful of times over the last several years, an attack managed to bypass our security systems.

Malware effects all platforms. And publicly accessible Unix systems running on fast hardware worth $50,000+, connected to the internet via a pipe faster than most people's LAN... they are attacked more often than anything else.

Google Play should get its own gift cards and maybe then it will start attracting more serious developers. Right now there is no money in the Android app market (unless you're secretly mining data from your users

Google Play should get its own gift cards and maybe then it will start attracting more serious developers. Right now there is no money in the Android app market (unless you're secretly mining data from your users

It does have gift cards. Have you not been in an electronics store in the last few months?

sounds great.. it appears that it will give users MORE warning on Apps that may be wanting a bit to much access to the devices.. hence the:

Quote:

<string name="package_malware_recommendation_warning">Google recommends that you do not install this app.</string>...<string name="package_malware_checkbox_label">I understand that this app may be dangerous.</string>

Sounds good to me - so even if an app is not proven to be malware, but has the traits of maybe wanting a bit to much access (IE a game also wanting full control over contacts and calendars...).

It also appears that it will also look at non-Google Play apps as well...

Google already scans applications before they appear in the Play Store. How does scanning them *again*, and on every phone on the planet, help at all?

There are ways to detect malware in binaries, like fingerprinting, but sometimes the code has to be run to detect it doing something it shouldn't. Sure they could and probably do run the software in a sandbox on their servers, but they can't run it on every hardware and software combination out in the wild.

I hope they bring a feature so i can see a list of things that have been PURCHASED (not just free downloaded apps) so that i can see everything i have bought but is not installed at the moment. Having to sift through my huge download list to find something i purchased two years ago but can't quite remember the name of it pisses me off.

For the people asking why there is a need for the Play app to perform a "double" scan - it's because of the apps people sometimes sideload onto their phone. The Play app has the option to scan all of the apps on your phone.

Google's solution to all problems is to write yet another program...to automate everything. Adding a virus scanner to its store is much cheaper than devoting several employees full time to "approve" apps before they get added to the store (like Apple does). But Google's approach, while cost effective, is inferior.

And Google has supposedly been scanning for malware already.

Yet another half-baked Google idea...done programmatically. Google's store will still be the center of the universe for the thieves and miscreants.

Where did you get that? Google does pull them when they find them, and the stories seem to come slower than they used to (obviously getting better), but they are still pulling several apps a month that slip through.

Google Play should get its own gift cards and maybe then it will start attracting more serious developers

Developers are already attracted by the shear size of the Android market. What you are seeing is not due to lack of gift cards (which they have), but other factors. Like:

1) Android market share is driven by all the low end devices it runs on. These phone owners are very price sensitive, and don't want to spend money. Not even $1.

2) With multitudes of devices from very low end specs to high end, it is more difficult to program and test for. For example since most phones don't have a good GPU, games can't take advantage of one. Since the games don't exist, to date not a single device maker has bothered putting in a really stellar GPU.

3) The play store is flooded with poor quality apps. It is difficult to wade through and find the good ones.

Just anecdotal, but my friends with Android phones have very few apps loaded.

I realize you may have a different perspective but from my experience many of these things could be said of iphone users.

1. Contrary to what most iphone users seem to think most android phones I see are high end models. For instance Verizon's best sellers this year were the RAZR and galaxy nexus. Apple still sold plenty of iPhone 3gs models this year (basically the same processor as the original moto droid). I know several people who bought one because they were cheap.

2. No doubt the multitude of models makes testing difficult, but android deals with these differences better than iOS in some ways. I'm pretty sure the samsung devices and tegra 3 models have very compettive graphics chips.

3. From what I've seen the apple app store has its share of subpar apps as well. I dont think apple tests apps as much as people give them credit. Google could definately do more to improve the play store though.

Google managed to break that streak with Android since apps are installed as Root/SU and that the apps are unmonitored.

Yeah, no. Android hasn't ever done that as far as I know. Each app is given it's own user, and given permission to various functions be being added to groups. ie. when in your manifest, you say that you need permission to access the SD card, the installer adds your app's user to the group that has access to the SD card. It's a pretty clean, very unixy (if a little backwards from how you generally think of such thigs) permissions system.

I agree, there needs to be a UI feature in the "Properties of Apps" (where you can delete Cached Data, move Apps to Phone/Storage etc.) to enable/disable individual access rights.

Does an app for that actually exist? I understand it'll require Root access though to "overrule/monitor" an apps behavior.

Many custom ROMs have this feature However, many apps start giving pop up fits to let you know when they can't serve their ads because you blocked network access. So then it becomes less hassle to just show the ad. Unless it is being used by a young kid or you worry about data caps, in which case you teach them to hit the "ok" button when it pops up.

Dev's that are using this info to give you the game for free may do something else if you revoke access they accessed for when it was installed...

Florence Ion / Florence was a former Reviews Editor at Ars, with a focus on Android, gadgets, and essential gear. She received a degree in journalism from San Francisco State University and lives in the Bay Area.